OpenHarmony — Vulnerabilities & Security Advisories 167

Browse all 167 CVE security advisories affecting OpenHarmony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenHarmony is an open-source operating system designed for distributed scenarios across smart devices, IoT, and industrial applications. Its architecture emphasizes modularity and scalability, allowing developers to tailor the system for diverse hardware constraints. Historically, the project has faced 167 recorded Common Vulnerabilities and Exposures (CVEs), with recurring issues primarily involving buffer overflows, use-after-free errors, and improper input validation. These flaws often lead to remote code execution or privilege escalation, particularly within the device communication and permission management modules. While no single catastrophic incident has defined its history, the high volume of CVEs highlights challenges in maintaining rigorous security standards across its fragmented ecosystem. The project relies on community-driven patches and formal verification efforts to mitigate risks, though the complexity of its distributed nature continues to present significant attack surface challenges for security researchers and administrators alike.

Top products by OpenHarmony: OpenHarmony
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-25176 | Pasteboard has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 2.9 | Low | 2024-03-04 |
| CVE-2024-21863 | Dsoftbus has an improper input validation vulnerability — OpenHarmony | CWE-20 | 4.7 | Medium | 2024-02-02 |
| CVE-2024-21851 | Dsoftbus has an integer overflow vulnerability — OpenHarmony | CWE-190 | 2.9 | Low | 2024-02-02 |
| CVE-2024-0285 | Dsoftbus has an improper input validation vulnerability — OpenHarmony | CWE-20 | 4.7 | Medium | 2024-02-02 |
| CVE-2023-45734 | Dsoftbus has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 4.2 | Medium | 2024-02-02 |
| CVE-2024-21860 | Dsoftbus has a use after free vulnerability — OpenHarmony | CWE-416 | 8.2 | High | 2024-02-02 |
| CVE-2024-21845 | Dsoftbus has an integer overflow vulnerability — OpenHarmony | CWE-190 | 2.9 | Low | 2024-02-02 |
| CVE-2023-49118 | Dsoftbus has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 2.9 | Low | 2024-02-02 |
| CVE-2023-43756 | Dsoftbus has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 2.9 | Low | 2024-02-02 |
| CVE-2023-49142 | multimedia audio has a UAF vulnerability — OpenHarmony | CWE-416 | 4.0 | Medium | 2024-01-02 |
| CVE-2023-49135 | multimedia player has a UAF vulnerability — OpenHarmony | CWE-416 | 4.0 | Medium | 2024-01-02 |
| CVE-2023-48360 | multimedia player has a UAF vulnerability — OpenHarmony | CWE-416 | 4.0 | Medium | 2024-01-02 |
| CVE-2023-47857 | multimedia camera has a UAF vulnerability — OpenHarmony | CWE-416 | 4.0 | Medium | 2024-01-02 |
| CVE-2023-47216 | Liteos-A has a missing release of resource vulnerability — OpenHarmony | CWE-772 | 2.9 | Low | 2024-01-02 |
| CVE-2023-47217 | Arkruntime has a buffer overflow vulnerability — OpenHarmony | CWE-120 | 4.0 | Medium | 2023-11-20 |
| CVE-2023-46100 | Cert manager has a use of uninitialized resource vulnerability — OpenHarmony | CWE-908 | 6.2 | Medium | 2023-11-20 |
| CVE-2023-42774 | Liteos-A has an incorrect default permissions vulnerability — OpenHarmony | CWE-276 | 6.2 | Medium | 2023-11-20 |
| CVE-2023-6045 | Arkruntime has a type confusion vulnerability — OpenHarmony | CWE-843 | 5.9 | Medium | 2023-11-20 |
| CVE-2023-46705 | Arkruntime has a type confusion vulnerability — OpenHarmony | CWE-843 | 6.2 | Medium | 2023-11-20 |
| CVE-2023-43612 | Hiview has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 8.4 | High | 2023-11-20 |
| CVE-2023-3116 | Liteos-A has an incorrect default permissions vulnerability — OpenHarmony | CWE-276 | 7.3 | High | 2023-11-20 |
| CVE-2023-4753 | OpenHarmony v3.2.1 and prior version has a system call function usage error — OpenHarmony | CWE-20 | 3.9 | Low | 2023-09-21 |
| CVE-2023-25947 | The bundle management subsystem has an improper input validation when installing a HAP package. — OpenHarmony | CWE-20 | 6.2 | Medium | 2023-03-10 |
| CVE-2023-24465 | Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data. — OpenHarmony | CWE-20 | 5.5 | Medium | 2023-03-10 |
| CVE-2023-22436 | The kernel subsystem function check_permission_for_set_tokenid has a UAF vulnerability. — OpenHarmony | CWE-190 | 7.8 | High | 2023-03-10 |
| CVE-2023-22301 | The kernel subsystem hmdfs has an arbitrary memory accessing vulnerability. — OpenHarmony | CWE-20 | 6.5 | Medium | 2023-03-10 |
| CVE-2023-0083 | The ArkUI framework subsystem doesn't check the input parameter, causing type confusion and invalid memory access. — OpenHarmony | CWE-843 | 4.0 | Medium | 2023-03-10 |
| CVE-2023-0036 | platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack". — OpenHarmony | CWE-287 | 6.5 | Medium | 2023-01-09 |
| CVE-2023-0035 | softbus_client_stub in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". — OpenHarmony | CWE-287 | 6.5 | Medium | 2023-01-09 |
| CVE-2022-43662 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysTimerGettime. — OpenHarmony | CWE-120 | 4.0 | Medium | 2023-01-09 |

This page lists every published CVE security advisory associated with OpenHarmony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.